Nest Security Vulnerabilities and Issues — Nest CVE List

Lucene search

NestjsNest

3 matches found

CVE•added 2023/03/06 5:15 a.m.•61 views

CVE-2023-26108

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

5.3CVSS5.2AI score0.00087EPSS

CVE•added 2025/03/14 6:15 p.m.•57 views

CVE-2024-29409

File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.

5.5CVSS7.9AI score0.00074EPSS

CVE•added 2025/08/02 12:15 a.m.•12 views

CVE-2025-54782

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API end...

9.4CVSS8.3AI score0.0397EPSS